PGP Sign
Create a detached PGP signature for any file using your private key.
About PGP Sign
PGP Sign creates a detached signature for a file using your private key, giving recipients a way to verify the file is authentic and unaltered. The signature lives in a separate file, so the original document stays untouched. Signing runs in your browser — your private key never leaves your machine.
- Category
- privacy
- Input
- Accepts: */*.
- Output
- Outputs: text/plain.
- Cost
- Free, runs in your browser
- Memory
- medium
Common uses
- Sign a software release or binary so users can confirm it's the genuine artifact you published
- Attach a detached signature to a document that must prove it hasn't been tampered with in transit
- Vouch for the authenticity of a press statement or advisory before distribution
- Sign a config or manifest file that downstream automation will verify before trusting
- Provide a verifiable signature alongside a file shared in a public repository or mailing list
- Prove authorship of a message without altering or encrypting its contents
Frequently asked questions
What is a detached signature?
It's a separate file holding the cryptographic signature, not embedded in the document. The original file stays byte-for-byte unchanged, and you distribute the two together.
What files can I sign?
Any file type is accepted, since signing operates on raw bytes regardless of format.
Does signing reveal or upload my private key?
No. The signature is computed locally in your browser, so your private key never leaves your device.
How does the recipient check the signature?
They use your public key plus the original file and the detached signature. The PGP Verify tool does exactly this.
Does signing encrypt the file?
No — signing only proves authenticity and integrity. The file's contents remain readable. Use PGP Encrypt if you also need confidentiality.
Keywords
- pgp
- gpg
- sign
- signature
- openpgp
- private-key
- verify
- authenticity